  1. #1

    vaserv/fsckvps client base compromised?

    I know that hacker claimed that he got the vaserv/fsckvps client database? Should we cancel our credit cards? This is a major issue and someone should be held responsible!

  2. #2
    I changed my PayPal password (all I've ever used with them.)

  3. #3
    Quote Originally Posted by koktool View Post
    I know that hacker claimed that he got the vaserv/fsckvps client database? Should we cancel our credit cards? This is a major issue and someone should be held responsible!
    Do you have the source of this information (i.e. a URL etc.)?

  4. #4
    Join Date
    Mar 2009
    Location
    Minnesota
    Posts
    700
    If fsck vps was PCI compliant, they shouldn't have gotten any sort of CC information/paypal information.
    madgenius.com - S Corp. We are US based company.
    Web Hosting, Cloud VPS, and Dedicated Solutions since 1998
    Also offering custom solutions and automated provisioning for most services

  5. #5
    Join Date
    Apr 2009
    Posts
    60
    Quote Originally Posted by vivithemage View Post
    If fsck vps was PCI compliant, they shouldn't have gotten any sort of CC information/paypal information.
    Do you really have any faith that that's the case?

  6. #6
    Join Date
    Oct 2007
    Location
    United States
    Posts
    1,182
    Quote Originally Posted by vivithemage View Post
    If fsck vps was PCI compliant, they shouldn't have gotten any sort of CC information/paypal information.
    If he got the database and then the config file (WHMCS config which contains the hash key) from the web server, then that means he has the encryption key to view the credit cards. This of course is an assumption that they are using WHMCS.

    Before you make such claims that their whmcs was compromised, you should make sure to know the facts first.
    www.opticip.com - Optic IP LLC

  7. #7
    Join Date
    Apr 2009
    Location
    USA / UK
    Posts
    4,577
    It looks like a transcript of the hacker's message is here:

    http://www.tjphippen.com/hackerpost.txt

    Edit: the hacker's message is gone now, so here's the full text:

    Code:
    Z3r0 day in hypervm?? plz u give us too much credit. If you really really wanna know how you got wtfpwned bitch it was ur own stupidity and excessive passwd reuse. Rus's passwds are
    Code:
    
    e2x2%sin0ei unf1shf4rt 3^%3df 1/2=%mod5 f0ster
    
    f0ster being the latest one, quite secure eh bitches? We were in ur networks sniffing ur passwds for the past two months quite funny this openvz crap is we could just get into any VPS we like at any time thanks to ur mad passwds. But we got bored so we decided to initiate operation rmfication and hypervm was a great t00l to do that since it spared us the time of sshing into all ur 200 boxen just to issue rm -rf. Coded a little .pl to do just that, take a look at this eleet output it's mad dawg
    Code:
    
    [root@vz-vaserv .ssh]# perl h.pl -user admin -pass ****off -host cp.vaserv.com -cmd 'rm -rf /* 2> /dev/null > /dev/null &'
    [+] Attempting to login using admin / ****off
    [+] Logged in, showtime!
    output truncated due to massive boxen outputz
    [root@vz-vaserv .ssh]# rm -rf /* > /dev/null 2> /dev/null &
    [1] 12399
    [root@vz-vaserv .ssh]#
    
    Did the same fo ****vps.com after resetting the passwd to hyper ve emz, it was ever so much fun you should try it sometime Rus it's GREAT!
    BTW to all the customers we deleted ur loving provider is overselling their crappy 8gb nodez to hell and back, thought you'd like to know, you can also thank ur loving buddy Rus for losing ur data hihi. BTW Rus we still have ur billing system wtfpwned and baqdoored we got shitload of CCz from ur retarded customers thanks a lot buddy. Telling you this cuz we got bored of this ****, it's just too easy and monotonous so patch ur crap, if your too dumb to secure a simple web server my rate is $100/hour or one night with ur sister hauhaiahiaha.
    Also wheres ur team Rus? the only ****ers i saw in ur billing sys are Kody, Vlada and u you guys work like ****ing hindus i bet but ur cheap like jews lolz hire some pros like me to help you out manage all those retards VPSs lolololl
    Code:
    
    1 	1  	rghf 	c32f3310baffcb431875a67196e99ebd  	Rus  	F  	zswlxxoomx@nowmymail.com  	   	  	0  	,  	 
    	Edit 	Delete 	3 	1 	vlada 	c32f3310baffcb431875a67196e99ebd 	Vlada 	Neskovic 	zswlxxoomx@nowmymail.com 	  	  	0 	, 	 
    	Edit 	Delete 	4 	1 	Kody 	fde67637d867c52d739931528dd92ef0 	Kody 	Riker 	zswlxxoomx@nowmymail.com 	  	Georgia - server22 space 1slot 1gb 	0 	,
    
    See we care about ur privacy and edited ur emailz unlike you who do not care about the privacy of ur retarded customers lol
    Code:
    
    Showing rows 0 - 29 (1,361 total, Query took 0.0133 sec)
    SELECT *
    FROM `tblclients`
    LIMIT 0 , 30
    
    Fun stuff think we gonna sell all those emails to some spammers to make some quick bucks lol, and yes their main site was a VPS lolol which is why we got quick access thanks to ur passwd reuse, your awesome Rus.
    
    Yea yea "his IP is:64.79.210.78" here i saved u the trouble lolol
    Code:
    
    -bash-3.2# ifconfig
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:16271 errors:0 dropped:0 overruns:0 frame:0
              TX packets:16271 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:1114930 (1.0 MiB)  TX bytes:1114930 (1.0 MiB)
    
    venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:127.0.0.1  P-t-P:127.0.0.1  Bcast:0.0.0.0  Mask:255.255.255.255
              UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
              RX packets:33396 errors:0 dropped:0 overruns:0 frame:0
              TX packets:34122 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:4462516 (4.2 MiB)  TX bytes:11170841 (10.6 MiB)
    
    venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:64.79.210.78  P-t-P:64.79.210.78  Bcast:64.79.210.78  Mask:255.255.255.255
              UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
    
    venet0:1  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:64.79.206.197  P-t-P:64.79.206.197  Bcast:64.79.206.197  Mask:255.255.255.255
              UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
    
    venet0:2  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:67.223.225.52  P-t-P:67.223.225.52  Bcast:67.223.225.52  Mask:255.255.255.255
              UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
    
    -bash-3.2# rm -rf /* 2> /dev/null > /dev/null * &
    [1] 7643
    -bash-3.2#
    
    I love to rm lol bye
    
    ~Thedefaced.org
    RAM Host -- USA Premium & Budget Linux Hosting
    █ Featuring Powerful cPanel Shared Hosting
    █ & Premium Virtual Dedicated Servers
    Follow us on Twitter
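
The admin rows quoted in the post above show two accounts stored with the identical hash, which means the same password and no per-user salt, and the thread keeps returning to password reuse. As an added example that is not part of the original thread, this Python audit flags shared and bare-digest hashes in a credential table and shows a salted PBKDF2 replacement; the account names and passwords are constructed sample data and all function names are hypothetical.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample rows (username, stored_hash); not values from the thread.
SAMPLE_ADMINS = [
    ("admin_a", hashlib.md5(b"constructed-shared-pw").hexdigest()),
    ("admin_b", hashlib.md5(b"constructed-shared-pw").hexdigest()),
    ("admin_c", hashlib.md5(b"constructed-other-pw").hexdigest()),
]

def find_shared_hashes(rows):
    """Return {hash: [users]} for every stored hash used by more than one account."""
    by_hash = defaultdict(list)
    for user, stored in rows:
        by_hash[stored.lower()].append(user)
    return {h: sorted(users) for h, users in by_hash.items() if len(users) > 1}

def looks_like_unsalted_fast_hash(stored):
    """Heuristic: a bare hex digest of MD5/SHA-1/SHA-256 length carries no salt or cost field."""
    s = stored.lower()
    return len(s) in (32, 40, 64) and all(c in "0123456789abcdef" for c in s)

def hash_password(password, iterations=600_000):
    """Derive a key with PBKDF2-HMAC-SHA256 and store salt and cost beside it."""
    salt = os.urandom(16)  # fresh per-user salt: equal passwords give different records
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password, stored):
    """Recompute the derived key from the stored salt and cost, compare in constant time."""
    _, iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)

def audit(rows):
    """Summarise which accounts share a hash and which use a bare fast digest."""
    return {
        "shared": find_shared_hashes(rows),
        "unsalted": sorted(u for u, h in rows if looks_like_unsalted_fast_hash(h)),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_ADMINS))
```
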

  8. #8
    They can't have got your paypal password because as with all companies, vaserv direct you to paypal.com to log in - the password is never stored anywhere other than paypal and anyone that enters their paypal login info anywhere other than paypal.com is stupid.

  9. #9
    Their cheapvps.co.uk brand is using Ubersmith.

    If their database was compromised, I suspect Rus will let us know asap. He has been very open and honest about everything so far, so I have confidence he will let us know if their database of credit card details was stolen.

    That being said... it is always a good idea to periodically change your passwords, so now might be as good a time as any.

    Also maybe give your credit card company a call and ask them to temporarily suspend the card for a few days until Rus has a chance to confirm if their database was stolen or not. It can't hurt to be overly cautious, but I would not actually cancel your card just yet.

    We are eNom PLATINUM PLUS resellers!
    Sign up today for an eNom.com reseller account with lowest possible pricing.
    * We provide support and service to over 4275 happy eNom domain name and SSL certificate resellers!

  10. #10
    Join Date
    Oct 2007
    Location
    United States
    Posts
    1,182
    Fun stuff think we gonna sell all those emails to some spammers to make some quick bucks lol, and yes their main site was a VPS lolol which is why we got quick access thanks to ur passwd reuse, your awesome Rus.
    The main website was on a VPS with all the other clients?
    www.opticip.com - Optic IP LLC

  11. #11
    Can we stop talking about this here... this thread is surely about people getting sorted out.

    Not discussing what _could_ be complete BS from someone trying to look good by posting some code up.
    Last edited by anon-e-mouse; 06-14-2009 at 05:24 PM. Reason: removed size tags

  12. #12
    Join Date
    Jun 2009
    Location
    Austria
    Posts
    2
    Maybe it's BS, maybe not.

    But if it's true, credit card users are in danger of misuse.

    If it's true that "BTW Rus we still have ur billing system wtfpwned and baqdoored" then future use of this system isn't really recommendable.

  13. #13
    Join Date
    Apr 2009
    Location
    USA / UK
    Posts
    4,577
    Quote Originally Posted by Traceroot View Post
    Can we stop talking about this here... this thread is surely about people getting sorted out.

    Not discussing what _could_ be complete BS from someone trying to look good by posting some code up.
    (sized reduced)

    This is a discussion - I ripped that from the source as described, which I acquired while listening to an IRC channel.

    And I have a bigger reputation than you and have no reason to argue with someone who only has 7 posts - I suspect a mod will be round to take care of you soon.

    Besides, you can find the same text here in the really big thread.

    It also exists here

    This forum exists to discuss things, and when new information arises you shouldn't be so quick to jump to conclusions.

    I've been breaking news all night.

    Take it easy - nobody is after you personally.
    Last edited by ramnet; 06-09-2009 at 12:32 PM.
    RAM Host -- USA Premium & Budget Linux Hosting
    █ Featuring Powerful cPanel Shared Hosting
    █ & Premium Virtual Dedicated Servers
    Follow us on Twitter

  14. #14
    Join Date
    Oct 2008
    Posts
    2,253
    I think it may be BS, but if his password was actually f0ster after his last name, that's just stupid.

    And we are all fully aware they oversell, but as long as I still get quality I don't care.
    Leader of the new anti sig spamming club.

  15. #15
    Join Date
    Mar 2006
    Posts
    134
    They've just told everybody to cancel their credit cards.

  16. #16
    Join Date
    Jan 2004
    Location
    South East U.K.
    Posts
    1,303
    Just got this from FSCKVPS

    Dear Clients,

    As you are most aware of the recent incidents, we are aware that the hackers may have got a hand on the credit card details of your account. While this information is encrypted, and is believed to be safe, we are sending out this notification to let you know that they might have the information and that you should take proper precautions.

    a). Cancel Credit cards
    b). Watch Bank Statements
    c). Keep updated with the status on http://fsckvps.com.

    We appreciate each customer's patience and co-operation in this time. We ask that you do not respond to this email as it will bulk up our support department even more.

  17. #17
    Join Date
    Oct 2008
    Posts
    2,253
    Quote Originally Posted by ZacUSNYR View Post
    I changed my PayPal password (all I've ever used with them.)
    You do know they have no way of getting your PayPal password unless PayPal themselves were hacked. So no need.
    Leader of the new anti sig spamming club.

  18. #18
    Join Date
    Mar 2006
    Posts
    134
    Quote Originally Posted by darkeden View Post
    You do know they have no way of getting your PayPal password unless PayPal themselves were hacked. So no need.
    Unless like a lot of people you use the same password everywhere.

  19. #19
    Quote Originally Posted by darkeden View Post
    You do know they have no way of getting your PayPal password unless PayPal themselves were hacked. So no need.
    If you are worried about your PayPal (used the same password or whatever) you can always set your cellphone up as a security token (they have to text you a code to allow you to log in).

    Edit: I also just realized that it doesn't appear that they store your PayPal email address (check an old invoice, and all it said was paid by PayPal. I know it's stored in their transaction log in PayPal but I'm not sure about on the website). So if you have a different email you use with PayPal you should also be pretty safe.
    Last edited by spyfox5400; 06-09-2009 at 01:21 PM.

  20. #20
    Join Date
    Oct 2008
    Posts
    2,253
    Quote Originally Posted by ebit View Post
    Unless like a lot of people you use the same password everywhere.
    which is dumb XD.



    anyways if the message is true and russel used his last name as a password humanity has no hope
    Leader of the new anti sig spamming club.

  21. #21
    Join Date
    Mar 2004
    Location
    /dev/null
    Posts
    275
    Quote Originally Posted by ebit View Post
    They've just told everybody to cancel their credit cards.
    Yep, just received:

    Dear Clients,

    As you are most aware of the recent incidents, we are aware that the hackers may have got a hand on the credit card details of your account. While this information is encrypted, and is believed to be safe, we are sending out this notification to let you know that they might have the information and that you should take proper precautions.

    a). Cancel Credit cards
    b). Watch Bank Statements
    c). Keep updated with the status on http://fsckvps.com.

    We appreciate each customer's patience and co-operation in this time. We ask that you do not respond to this email as it will bulk up our support department even more.

    If you have any questions about this specifically, please wait 48 hours and then reply to billing@fsckvps.com

    Regards,
    FsckVPS Billing.
    ...
    Hmm, sorry for the double post, but I forgot to refresh the page after lunch ...

  22. #22
    Join Date
    Oct 2008
    Posts
    2,253
    Quote Originally Posted by oldunis View Post
    Yep, just received:



    ...
    Hmm, sorry for the double post, but I forgot to refresh the page after lunch ...
    am I the only one that has not obtained a single fsckvps update in my email?
    Leader of the new anti sig spamming club.

  23. #23
    Quote Originally Posted by darkeden View Post
    am I the only one that has not obtained a single fsckvps update in my email?
    I haven't received any updates in my email either.

  24. #24
    Join Date
    Nov 2001
    Location
    Vancouver
    Posts
    2,422
    Quote Originally Posted by spyfox5400 View Post
    I haven't received any updates in my email either.
    Log on to https://secure.fsckvps.com/ and check "My Emails".
    “Even those who arrange and design shrubberies are under
    considerable economic stress at this period in history.”

  25. #25
    Quote Originally Posted by mwatkins View Post
    Log on to https://secure.fsckvps.com/ and check "My Emails".
    Actually I just got it in my inbox, but thanks anyway!
